Now I read it, thought it over and began to understand that, perhaps, early today I was glad for the excellent statistics of RPKI adoption to the masses this year.
The current year, in addition to the well-known events and the increased load on the network, was marked by another important movement. During this year, there was an accelerated implementation of the named protocol in most of the largest Internet providers. Even a hashtag on this topic was launched on Twitter.
Yes, the implementation of RPKI can certainly be called an achievement , but only for a certain circle of interested organizations. For the Russian telecom, this could be the beginning of the end.
The bottom line is this. The current standard for signing Internet address distributions is based on a hierarchical system of certificates. That is, it is almost the same system, only with additions in the form of network numbers and announcements of ip-addresses. This standard assumes that the leading holders of the world's network capacities will only trust the announcements of network routes from their direct executors, i.e. those who will actually carry out these routes, or their immediate superiors. Informally, if - now it will be difficult to go "left".
The problem is this. It turns out that we are moving to a hierarchical management scheme, to a tree-like one. Both the protocol itself and the principles on which it is based are tree structures. And this goes against the philosophy of the Internet, which was created and, pah-pah, functions in a distributed mode. The Internet is the structure of an arbitrary graph (with the exception of some services such as DNS, the already named system of PKI certificates and the same distribution of addresses), without focusing on a strict hierarchy, without a single head.
- . , "" . .. - . ( Tier 1, .. . , . Tier 2 ..).
, Netflix, Amazon, Vkontakte Google. - , -, - - . - , , , .
, . , 3-4 , ( , Telia Sonera ). , , .
( ) PKI . , - . - . : -, , ( ) 20- .
.
, - . "", , "" . . ( ) MSK-IX DATAIX, , , , , . . . . . ( ) , , , . . .
- ( ), , , .
, , . , , ( ).
!